1 |
Machell, Jonathan wrote: |
2 |
> Hello there, |
3 |
> |
4 |
> We're currently trialling Gentoo to possibly host some of our web-servers. I've used Gentoo for over eight years so I'm leading these trials. |
5 |
> |
6 |
> I've subscribed to this mailing list but also gentoo-server and gentoo-security. I'm trying to keep up to speed with all the latest security news affecting Gentoo, GNU/Linux, Apache and MySQL. Should subscription to these mailing lists be sufficient for this or is there any other place where I should be looking to keep on top of security issues? I'm aware that this and the other two mailing lists are low traffic but I haven't heard a peep since subscribing on Tuesday. Is that normal? I was hoping to go through the archives of previous messages at some point. Are these kept somewhere? |
7 |
|
8 |
I'm late to the party on this, but I also subscribe to the mailing lists |
9 |
of all public-facing software on our servers. For example, Postfix, |
10 |
Dovecot, SpamAssassin, Apache, PHP, ClamAV... Many security issues get |
11 |
reported to those lists before they're officially dubbed security issues. |
12 |
|
13 |
"Public-facing" is of course a meaningless term. Do you include |
14 |
iptables? How about glibc? GCC itself? You'll have to use your judgment |
15 |
and/or eliminate the lists that are boring to listen to. If you flood |
16 |
your inbox with noise, you'll stop paying attention and lose the |
17 |
benefits altogether. |